Privacy Policy
This policy explains what personal data we collect, why, and your rights under the EU General Data Protection Regulation (GDPR). We only collect what we need to run the shop and fulfil your order.
1. Who is responsible
The data controller for this store is:
Andrén Music & Marketing AB
Sweden · hello@drbror.com
Contact us about privacy at hello@drbror.com.
2. What we collect
- Order & contact data — name, email, shipping and billing address, and order details, when you buy something.
- Payment data — handled directly by Stripe. We receive confirmation of payment plus the card type and last four digits, never your full card number.
- Anonymous usage data — aggregate, cookieless visit data (page viewed, time, referring site, screen size). It contains no cookies, no IP address and nothing that identifies you, so it is not personal data.
- Optional analytics & marketing data — only if you consent to those cookies (see our Cookie Policy). This may include device and usage identifiers via Google Analytics and the Meta (Facebook) Pixel.
- Support data — anything you send us by email.
3. Why we use it & legal bases
- To process and deliver your order, and provide support — performance of a contract.
- To meet accounting and tax obligations — legal obligation.
- To keep the store secure and prevent fraud, and to understand aggregate, anonymous traffic — legitimate interests.
- To use analytics and marketing cookies — your consent, which you can withdraw at any time.
4. Who we share it with
We share data only with service providers who help us run the store, under contract and only as needed:
- Stripe — payment processing.
- Our production & fulfilment partner — to make and ship your order (receives your name and shipping address only).
- Email & hosting providers — to send order updates and operate the site.
- Google Analytics and Meta — only if you consent to analytics/marketing cookies.
We never sell your personal data.
5. International transfers
Some providers may process data outside the EU/EEA. Where they do, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.
6. How long we keep it
Order and invoice records are kept for as long as required by accounting law (in Sweden, generally seven years). Support emails are kept only as long as needed. Consent records are kept to demonstrate compliance. Anonymous aggregate stats are retained indefinitely as they identify no one.
7. Your rights
Under the GDPR you have the right to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw consent at any time. To exercise any right, email hello@drbror.com. You also have the right to complain to your data protection authority — in Sweden, the Swedish Authority for Privacy Protection (IMY, imy.se).
8. Cookies
We use cookies and similar technologies as described in our Cookie Policy. You control non-essential cookies through the consent banner and the link in the footer.
9. Changes
We may update this policy. The current version is always on this page, with the "last updated" date above.